vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Fri Aug 2 14:02:44 2019 +0200| [4d2f92b67e99a04553305ffd7656f0308c520d1f] | committer: Hugo Beauzée-Luyssen
asf: Reject streams with invalid entry time interval CVE-2019-14535 > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4d2f92b67e99a04553305ffd7656f0308c520d1f --- modules/demux/asf/libasf.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c index c2510f6ddd..d949c4848b 100644 --- a/modules/demux/asf/libasf.c +++ b/modules/demux/asf/libasf.c @@ -276,6 +276,12 @@ static int ASF_ReadObject_Index( stream_t *s, asf_object_t *p_obj ) #endif /* Sanity checking */ + if( !p_index->i_index_entry_time_interval ) + { + /* We can't use this index if it has an invalid time interval */ + p_index->i_index_entry_count = 0; + return VLC_ENOMEM; + } if( p_index->i_index_entry_count > (p_index->i_object_size - 56) / 6 ) p_index->i_index_entry_count = (p_index->i_object_size - 56) / 6; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
